#2560 cmpi-base: Linux_UnixProcess command injection vulnerability

Security
pending-fixed
Provider (226)
5
2012-11-02
2012-10-31
No

The "Handle" key which corresponds to a process id (pid) is not properly sanitized by the provider when attempting to look up a process. This value is used as an input by the provider to the "ps" command when collecting process information. This lack of input validation can be exploited to inject arbitrary shell commands through specially crafted cim requests.

Discussion

  • Tyrel Datwyler

    Tyrel Datwyler - 2012-11-02

    Patch attached

    Committed to CVS Head

     
  • Tyrel Datwyler

    Tyrel Datwyler - 2012-11-02
    • status: open --> pending-fixed
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks